cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP GRC 10.0 SP10 - role search error

former_member297605
Active Participant

on ‎12-07-2015 11:48 PM

0 Kudos

Hi Experts

I have a peculiar error when search for a role in GRC (screenshots shown below). This is a master role.

When I re-import the role it successfully gets imported but when I go to search for the role after importing it I get the error "Role does not Exist"

as shown below. The role is definitely in the backend system - have checked that. Please could you let me know what you think the issue is and how to resolve it.

When I click on open in the below screen...

I get the below error...

But I can check the provisioning tab. The role does exist in the Production system and I have tried

to import the role from the Production system several times but get the same above mentioned error.

Thanks

Ranjit

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎12-17-2015 1:48 PM
0 Kudos

Hi Ranjit,

A requirement after importing a role is to perform GRAC_REPOSITORY_OBJECT_SYNC in FULL mode, not Incremental.  I suspect that you do not have a FULL sync job running to your non-prod system.  Try kicking this off manually and see if it solves the issue.

-Ken

Show replies
Show replies
former_member297605
Active Participant
‎02-03-2016 7:41 PM
0 Kudos

Hi Ken

Sorry about the late response as have just returned from holiday.

Are you saying that I need to run GRAC_REPOSITORY_OBJECT_SYNC in FULL mode from the GRC prod system for the non-production system? Are the below selected parameters correct? Is there any way I can do this for a particular role to test to make sure this will fix the issue?

Thanks

Ranjit

Former Member
‎02-03-2016 7:45 PM
0 Kudos

Hi Ranjit,

Yes, these parameters are correct.  To test, try opening a new Access Request and search for a role that cannot be found.  Then, execute the sync job in FULL mode and see if your role status in NWBC changes to YES for Exists.  And you should also then be able to find the role in Access Request search.

I recommend scheduling a FULL rep obj sync job to run every night or every week.

-Ken

former_member297605
Active Participant
‎02-04-2016 3:16 AM
0 Kudos

Hi Ken

I tested in a new Access Request but the role is available there and I can select it. The issue is when I import the same role into GRC it imports successfully but when I search for the same role and open it says "Role does not exist". When I import one of its derived roles into GRC it fails saying that the master role does not exist.

Thanks

Ranjit

Former Member
‎02-04-2016 3:33 PM
0 Kudos

I highly recommend performing the import from source "file on desktop" rather than "User Input".  I have had numerous different issues when trying to import roles using the User Input method.  There is also more flexibility of importing many roles at once using the role attributes template, as you can assign different attributes to the roles being imported together, rather than having to clump them into the same attributes for each import.  I absolutely believe this is the best method, and this is the only method I use.

You first need to download the role attributes template, which is found at the bottom of the first screen of role import:

Next, copy and paste the text file output into Excel.  You need to fill in the mandatory fields with the information (as indicated in column headers).  You also need to have the role(s) listed in column A as well as in column AK because this is how the system understand the start and the end of each record.

Notice in column T - Master Role.  This is were you need to add the Master Role for each Derived Role.  This tells the system the correct relationship.  You should be importing the Master Role with the Derived roles in the same file.  If there is no Master role that corresponds, leave this blank.  Also make sure your role type in column C is set correctly.

You'll need to know the Business Process technical names (found in SPRO config for AC) and all the technical IDs of the different attributes you assign.  This file only accepts the technical attribute IDs, not the pretty text.  For example, you wouldn't add "BASIS" for basis business process attribute in this file.  Instead you would add "BS00" or whatever the technical ID is in within config.

When you are finished assigning all attributes within the Excel template file, copy and paste back to a notepad .txt file, save, and then upload into the role import process (screen 2).  Prior to advancing to screen 2 you will need to choose the landscape and system that these roles are being imported from.

You will likely have to try and fail with this process several times, but each time it fails it will tell you exactly what is wrong.  Go back and correct it and then try to upload the file again.

Hope this helps!

-Ken


Former Member
‎02-04-2016 3:55 PM
0 Kudos

Ranjit,

We, too, do our role imports by the file method as described by Ken. However, I suggest to people just learning this method to do a role details export of one or two roles from that connector and business process wherever feasible. That way, you essentially have a model import template already populated with connector names, business process IDs, and the other role attributes that are in use. It makes the job of populating that file easier than working from a blank template.

Regards,

Gretchen

former_member297605
Active Participant
‎02-08-2016 8:16 PM
0 Kudos

Hi Ken

Thanks for your response. I tried the import using a file as instructed and had mixed results.

When I tried to import the master role using the file method it was successful but when I searched for the same role and opened it got the same error "Role does not exist".

Then I tried importing the derived role using the file method and it failed with the same error.

However when I imported the same role as a single role without defining the master role in the file it worked successfully and when searching for the role and opening it I do not get the error "Role does not exist". Is this ok to do or will it cause any issues during provisioning?

So it appears to be an issue with the master role but unable to decipher what the problem could be. The master role in question exists in the backend SAP system.

Thanks

Ran

former_member297605
Active Participant
‎02-08-2016 8:17 PM
0 Kudos

Hi Gretchen

Thanks for your response. I tried the import using a file as instructed and had mixed results.

When I tried to import the master role using the file method it was successful but when I searched for the same role and opened it got the same error "Role does not exist".

Then I tried importing the derived role using the file method and it failed with the same error.

However when I imported the same role as a single role without defining the master role in the file it worked successfully and when searching for the role and opening it I do not get the error "Role does not exist". Is this ok to do or will it cause any issues during provisioning?

So it appears to be an issue with the master role but unable to decipher what the problem could be. The master role in question exists in the backend SAP system.

Thanks

Ran

Former Member
‎02-08-2016 8:34 PM
0 Kudos

Ranjit,

The only time I got "Role does not exist" messages was when we tried to import a role but had not yet done a full sync, or if we tried to import the derived child role without importing the Parent role first.

This may sound silly, but be sure that the Parent role technical name in your import file is not messed up with a typo or space.

Have you searched through all the Notes on role imports? SP10 is rather behind the times, going on 4 years old now. SAP does recommend implementing support packs at least annually. I'd get more current if I were you.

Gretchen

Former Member
‎02-10-2016 2:11 PM
0 Kudos

1. Try to import the Master and Derived role in the same file upload - this is required.  The Master role needs to be referenced in the Derived role's line item in column T of the file.

2. Verify that these roles are, in fact, related by Master-Derived relationship.  Go to PFCG and display one of the roles.  Then use the Inheritance Hierarchy button (or Ctrl+Shift+F3) to validate that these roles are linked.

3. After importing into GRC, perform GRAC_REPOSITORY_OBJECT_SYNC in FULL mode - this is a requirement.

former_member192902
Participant
‎12-10-2015 12:41 PM
0 Kudos

HI Ranjit,

Please can you share me the screen shot how you imported the role with selection of systems.

With Regards

Trinadh Bokka

Show replies
Show replies
former_member297605
Active Participant
‎12-13-2015 10:44 PM
0 Kudos

Hi Trinadh

Please see below for screenshots

In Role search....

former_member182655
Contributor
‎12-14-2015 7:43 AM
0 Kudos

Hi Ranjit,

Let's make an experiment just to check the following idea. I suppose that error message you see is related to Development system where role doesn't exist.

So, could create the role in DEV system and open it in GRC.

I think, when you click on the role, GRC checks role existence in all systems it should be.

Regards,

Artem

former_member297605
Active Participant
‎12-14-2015 10:10 PM
0 Kudos

Hi Artem

Thanks for your reply. I'm testing this currently. Have an issue with the RFC and I'm waiting on the basis team to sort it. WIll let u know how it goes once the RFC issue is fixed.

former_member297605
Active Participant
‎12-16-2015 1:03 AM
0 Kudos

HI Artem

I have now imported the role from the dev system and it was successful. BUt when I search for the role it still says "Role does not exist". I might need to get a developer to debug this I reckon.

Thanks

Ranjit

plaban_sahoo6
Contributor
‎12-16-2015 4:07 AM
0 Kudos

Hi Ranjit,

Could you re-import through template, and not user inputit might be that you are missing some mandatory fields, like Provisioning Allowed as YES

Regards

Plaban

former_member297605
Active Participant
‎12-16-2015 9:40 PM
0 Kudos

Hi Plaban

I have tried that too and it says the import was successful but when I search for the role after the import still says "Role does not exist".

Thanks

Ranjit

former_member182655
Contributor
‎12-08-2015 1:30 PM
0 Kudos

Hi Ranjit,

Did you make synchronizations for every system in your landscape? What system is set as a default system for your landscape?

Regards,

Artem

Show replies
Show replies
former_member297605
Active Participant
‎12-08-2015 7:38 PM
0 Kudos

Hi Artem

Im a bit new to GRC 10.0 so please guide me.

I can see there are jobs that do regular mass import of roles from back end systems and repository object sync. Where do I check for the default system for my landscape?

Please advise.

former_member182655
Contributor
‎12-09-2015 9:37 AM
0 Kudos

Hi Ranjit,

You can check it in spro "Maintain Mapping for Actions and Connector Groups", there you can tick check boxes for default connector.

Notice, I only suppose that it may help, but I'm not sure

Regards,

Artem

former_member182655
Contributor
‎12-09-2015 9:41 AM
0 Kudos

And one more suggestion. Could you try to trace permissions for the communication user in the back-end?

Or give it full authorization for check.

Also check SLG1 for GRC, it will give you more clear information.

Regards,

Artem

former_member297605
Active Participant
‎12-13-2015 10:06 PM
0 Kudos

Hi Artem

The communication user has sap_all and don't find any errors in SLG1 after I import the role. The thing is the import works fine for other roles. It only has issues with once specific role. When I import it says the import is successful. However when I go to search for the role as per my above screenshots I get the error "Role does not exist".

Ask a Question